Cloud Health Services, Part 2: Privacy and Security

In response to the migration of health services to the cloud, vendors have been partnering with various organizations to gain a foothold in the market and to test out their solutions.

One of the cloud’s major selling points is security — but it is not as safe as it’s made out to be.

Google’s Healthcare Approach

Google Cloud “recently announced a significant expansion in HIPAA compliance across our portfolio of cloud products,” noted Joe Corkery, Google Cloud’s head of product healthcare and life sciences.

It also launched the Cloud Healthcare API to get around data interoperability issues.

The API works with leading industry standards, and provides DICOM-aware storage. This “can reduce the burden of IT management in medical imaging, in particular PACS migrations,” Corkery told the E-Commerce Times.

Google’s G Suite has been gaining adoption in the healthcare industry as a vehicle for HIPAA-compliant collaboration and data exchange, Corkery said, and Chrome “offers a variety of hardware options” for the healthcare industry.

Google Cloud supports various partners, including Google Brain, Verily Life Sciences and DeepMind, to deploy healthcare solutions on a global scale.

Google Cloud also has invested in genomics, and it offers the Google Genomics API. Further, its team has been working with other Google researchers to bring machine intelligence capabilities to medical imaging.

Google is “really building out the machine learning and neural nets,” Constellation Research Principal Analyst Ray Wang told the E-Commerce Times.

Google Cloud last week announced an agreement to acquire enterprise cloud migration technology provider Veleostrata, a move that will enable its customers to do the following:

Adapt workloads on the fly for cloud execution;

Migrate virtual machine-based workloads to and from the cloud; and

Easily control and automate where their data is held at all times.

Microsoft’s Play

Healthcare NExT is a planned series of collaborations between Microsoft’s AI and Research organization and healthcare partners, beginning with the University of Pittsburgh Medical Center.

Microsoft earlier this year released the Azure Security and Compliance Blueprint for HIPAA/HITRUST Health Data and AI, which include reference architectures, compliance guidance and deployment scripts.

Apple’s Healthcare Moves

Apple in January updated its Health app in the iOS 11.3 beta with a feature that lets consumers see their medical records on their iPhones. Partners include John Hopkins Medicine, Cedars-Sinai and Penn Medicine.

The App Store offers more than 40,000 healthcare-related apps.

Apple also offers the CareKit and ResearchKit open source app building frameworks.

Facebook in the Wake of Cambridge Analytica

Facebook reportedly began engaging last year with organizations, including the American College of Cardiology, about matching their anonymized health data — related to age and health issues, for example — with anonymized profiles from its pages.

Facebook then would use insights from the users’ behavior on its platform to inform medical treatments.

Privacy Is a Problem

“The real challenge here is patient — and facility — acceptance of Google or Facebook, for example, as a trusted steward of private and sensitive personal information,” said Rebecca Wettemann, VP of research at Nucleus Research.

Amazon and Microsoft “have strong track records in security and performance with AWS and Azure,” she told the E-Commerce Times, but “the recent [Cambridge Analytica] fiasco and Zuckerberg’s inability to articulate a mature and thoughtful strategy about protecting individuals’ Facebook data would rule it out for most consumers.”

However, Google Cloud does not have access to the data users bring to it, Google’s Corkery pointed out. That data “is controlled by those organizations and is not used for other purposes.”

The Perennial Bugbear

The move to electronic medical record systems has made patient records vulnerable to cyberattacks, and the rapid rise in healthcare-related Internet of Things devices “has created a new and large attack surface,” said Bob Noel, director of strategic relationships and marketing at Plixer.

IoT devices in healthcare range from small scale test equipment in a doctor’s office to the largest scanners in major hospitals, noted Andrew Lloyd, president of Corero Network Security.

DDoS attacks can result in denial of access to a cloud service, performance degradation, or a data breach, he told the E-Commerce Times. Another possibility is that IoT devices could be compromised and swept up to form a botnet.

“It costs only (US)$100 to rent a DDoS attack on the Dark Web, and individual attacks can cost victims up to $50,000,” Lloyd pointed out.

Public cloud providers are better able to protect against security risks, Google Cloud’s Corkery remarked.

Many healthcare organizations “come to Google Cloud specifically for the security benefits associated with running their infrastructure and applications on Google Cloud,” he said, noting that it has “the highest reliability in the industry.”